by Eric Knorr

Securing WiFi Hot Spots with Managed Remote Access Services

Oct 15, 2003

McDonald’s might seem like the last place on earth where someone would try to hack your enterprise network. But watch out: That clown at the corner table with the widescreen laptop and the supersize fries could be using your employee’s Wi-Fi connection to plunder your corporate nuggets.

Yes, for a few dollars an hour, some McD’s locations really do offer Internet access via Wi-Fi—but you’d never let an employee make a corporate connection through a wireless hot spot. Or would you? Wi-Fi is becoming as much a part of the culture as the mobile phone. Eventually, nothing will stand in the way of providing employees with ubiquitous high-speed access to everything they need for work, even while they’re sipping a shake.

In truth, hot-spot security risks differ very little from those inherent in any remote Internet connection to your network. To stop hackers you need a personal firewall. To repel those who would dip into the communications stream, you must use a VPN. With these tools in place, the security risks plunge—and all the scary talk about lame Wired Equivalent Privacy (WEP) encryption and unfinished wireless security standards disappears.

The problems of securing remote wireless access lie in deployment and maintenance—things such as dedicating servers and routers to VPN hosting. Most important, you need to figure out how to migrate your company’s security policy to the far reaches of remote access so that users must use the protection you’ve installed on their machines.

Confronted with such hassles, many companies are turning to managed remote access services to deploy VPNs and other protective measures. The big telecoms, particularly AT&T, have been active in this area. But managed remote access has become a hot target for carrier-independent startups as well, with such insurgents as Aventail, Fiberlink, Gric, iPass and TManage garnering attention. Those players have cut deals across the major network service providers, including those that run hot spots, providing a big virtual network for end users. And they can deliver complete remote access solutions to enterprises tailored to individual security policies.

Saving Time and Money

All of these service providers put managed remote authentication at the center of their value propositions. This service is handled by one of their preconfigured servers ensconced in your data center. It uses your authentication database to validate remote clients, which run a proprietary bundle of VPN, firewall and antivirus software. In other words, they shoulder the burden of deploying and maintaining all that nasty stuff. And the software suite can enforce your security rules, such as not allowing a client to fire up the VPN unless the firewall and antivirus software is running. In addition, the software is intended to make connection and authentication as simple as possible for the client—not a characteristic most people associate with VPNs.

Another benefit is that managed access services also consolidate billing. It doesn’t matter whether clients connect from a hot spot, dial-up or hotel room—or which network owns the pipe. It all goes on one bill.

All of this dovetails nicely with the trend toward telecommuting as well as computing in public places. Laptops have surged in popularity as primary machines, providing a de facto invitation to employees to carry their work out of the office. When people do that, you want to give them more than e-mail—you want to provide them with real access.

Personally, I wouldn’t wish a couple of hours at McDonald’s on anyone. But the free-roaming world is upon us, so whether users connect at Starbucks, an airport lounge or the family room, a secure machine and its connection are essential. Anything that soothes the security worries of an increasingly distributed workforce is a good thing.